Skip to main content

Third-Party App Management

Overview

The Third-Party Applications page provides a complete inventory of SaaS applications in use across your organization. Discover shadow IT, assess risks, and manage your SaaS portfolio.

Application Inventory

Viewing Applications

Navigate to SaaSThird-Party Applications

Each application shows:

FieldDescription
NameApplication name
CategoryApp type (productivity, finance, etc.)
UsersNumber of users
Risk LevelSecurity risk rating
StatusApproved, pending, blocked
Last UsedMost recent access

Application Details

Click an app to view:

  • Overview - App description and website
  • Security - Security features and certifications
  • Users - Employees using the app
  • Permissions - OAuth scopes granted
  • History - Usage over time

Discovery

How Apps Are Discovered

MethodApps Found
OAuth GrantsApps with API access
SSO LoginsApps accessed via SSO
Email ActivityApps sending notifications
Browser DataApps accessed via browser

Discovery Settings

Configure discovery:

  1. Go to SettingsDiscovery
  2. Enable/disable discovery methods
  3. Set scan frequency
  4. Configure exclusions

Risk Assessment

Risk Scoring

Apps are scored on:

FactorWeight
Security CertificationsSOC 2, ISO 27001
Data HandlingEncryption, retention
Access ControlsMFA, SSO support
Company ProfileSize, age, reputation
Permissions RequestedOAuth scopes

Risk Levels

LevelScoreDescription
Low0-3Minimal security concerns
Medium4-6Some concerns, review needed
High7-8Significant concerns
Critical9-10Major security risks

Manual Assessment

Override automated scores:

  1. Open application
  2. Click Edit Assessment
  3. Adjust risk factors
  4. Add notes
  5. Save

Application Status

Status Options

StatusMeaning
ApprovedAuthorized for use
PendingAwaiting review
BlockedNot authorized
Under ReviewBeing evaluated

Changing Status

  1. Select application(s)
  2. Click Change Status
  3. Select new status
  4. Add reason
  5. Confirm

Bulk Actions

Manage multiple apps:

  • Bulk approve
  • Bulk block
  • Bulk assign for review

User Management

Viewing App Users

See who uses each app:

  • User list
  • Access level/role
  • Last access date
  • Total usage time

Revoking Access

Remove user access:

  1. Open application
  2. Go to Users tab
  3. Select user(s)
  4. Click Revoke Access
  5. Confirm revocation
warning

Revoking access may require action in the connected identity provider or the application itself.

OAuth Permissions

Understanding Permissions

OAuth apps request permissions (scopes):

PermissionRisk
Read emailMedium - can see email content
Send emailHigh - can send as user
Access filesHigh - can read documents
Manage usersCritical - admin access

Reviewing Permissions

  1. Open application
  2. Go to Permissions tab
  3. Review requested scopes
  4. Assess necessity and risk

Revoking OAuth Tokens

Revoke app access entirely:

  1. Open application
  2. Click Revoke OAuth Access
  3. Confirm revocation
  4. Access removed across all users

Categories

Application Categories

CategoryExamples
ProductivityNotion, Asana, Monday
CommunicationSlack, Zoom, Teams
DevelopmentGitHub, Jira, Figma
FinanceQuickBooks, Expensify
MarketingHubSpot, Mailchimp
Security1Password, LastPass
StorageDropbox, Box, Google Drive

Custom Categories

Create custom categories:

  1. Go to SettingsCategories
  2. Click Add Category
  3. Enter name and description
  4. Assign apps to category

Alerts

Alert Configuration

Set up alerts for:

Alert TypeTrigger
New AppNew application discovered
High RiskHigh-risk app detected
Sensitive AccessSensitive permissions granted
Excessive UsersApp exceeds user threshold

Managing Alerts

  1. Go to SettingsAlerts
  2. Enable desired alert types
  3. Configure recipients
  4. Set frequency

Reporting

Available Reports

  • App Inventory - Complete application list
  • Risk Summary - Apps by risk level
  • User Access - Who uses what
  • Trend Report - Changes over time
  • Shadow IT - Unapproved applications

Export Options

  • PDF report
  • Excel spreadsheet
  • CSV data

Compliance

SaaS management supports:

FrameworkRequirement
SOC 2CC6.7
ISO 27001A.13.2.4
GDPRArt. 28 (processors)

Best Practices

Create Clear Policies

Define what makes an app "approved" and communicate to employees.

Review High-Risk First

Prioritize review of high-risk and high-user apps.

Provide Alternatives

When blocking an app, suggest approved alternatives to avoid friction.

Monitor Continuously

New apps appear regularly. Continuous monitoring catches shadow IT.

Next Steps

Devices

Manage endpoint security

Integrations

Connect cloud services